Expert Advice Community

Sharing information

Guest user. Created: Apr 26, 2019. Last commented: Apr 26, 2019.

I was wondering what is the best way to share information externally, being ISO 27001 certified, if a few customers are asking for more details than the external certification. Are you aware of what businesses share apart from the external certification? Are there any samples you can share? Do the SOA and the assets that are in the scope of certification get shared? Any samples you have?
Expert
Rhand Leal Apr 26, 2019

Answer:

Common documents required by customers are the Information Security Policy, Statement of Applicability, and Audit Report. Other documents can be asked for, depending upon what customers need.

To share such documents (some of them may have sensitive information about your organization), you should first evaluate if the risks are worth it (e.g., the audit report has very sensitive information about your ISMS status, but the requester is your biggest customer or a potential customer you want to include in your portfolio). If you consider that the risk of sharing this information is acceptable, then you should provide a Non-Disclosure Agreement with these customers to formalize the required conditions for protection of this information.
